Employee Bypass! How Insiders are Getting Around Security Protocols

You’ve done it! You set up some security protocols to prevent insider threat, so everything should be fine now, right? Not exactly: insiders are actively bypassing enterprise-grade security protocols. This means more internally driven exposure to data breaches, also known as insider threats. Insiders in the 21st century are very technology savvy, meaning they know how to bypass the controls put in front of them.

In a report from Dtex Systems, they found that 95% of enterprises have insiders who actively try to subvert their security systems.

These are not always malicious actors, but can be negligent employees trying to access personal or banned content online. Insiders include contractors, managers, and strategic partners, not just employees, which makes bypass attempts that much more concerning.

Insiders are actively seeking out vulnerabilities in security systems in order to get around them. Insider behaviors included actively searching for, installing, and using vulnerability detection tools. Additionally, anonymity tools were used frequently, including virtual private networks (VPN), the TOR Browser, and web proxy tools. Together these have the capability to bypass some common protocols on corporate networks. Most of them, however, require the user to have permission to install software on their computer or on the network.

Insider Behavior, Intentions, and Impacts

Studies have shown that employees are not concerned about security on their own devices, even after training sessions. So if security is not a top priority on personal devices, it will likely not be a top priority on your network either.

You may be wondering: if insiders are bypassing your security, what exactly are they doing? According to the report by Dtex Systems, insiders were engaged in online gambling, viewing pornographic content, exchanging bitcoins, and other generally unacceptable online activity at work. Insiders are not only violating company policy but are also putting the company at extreme risk by accessing websites that contain malware, malicious external actors, and ransomware.

This behavior exponentially increases the risk that an organization is exposed to. An insider could have their browser infected with malware which then reaches into your network, resulting in leaked data. Another scenario is an insider getting caught up in a phishing attack: they reply to an email from unknown actors outside the organization about something personal, and the result is a compromised system. The chances of a breach are increased whenever bypass behaviors are happening in the workplace.

Insider threat is still one of the top security challenges in 2017.

60% of all cyber attacks are done by insiders. Nearly 70% of insider attacks are a result of negligence, with 22% being intentional acts by malicious actors.

What this data means is that your employees, contractors, and partners who may be bypassing security for their personal leisure will cause your organization to have a massive data breach. The question is not if it will happen but when. Thankfully there are a few things you can do to try to prevent this from happening.

Tips on Bypass Prevention

Some tips are permission based; others are either technical or education based. In all cases, though, these have proven to be some of the most effective for disincentivizing and preventing insider bypass behavior.

1. Software Installation Permissions

Many of the bypass methods rely on the ability of users to install software. With that permission revoked from users, their options for bypass become severely limited. Unless the user needs constant access to install or remove software, there is little reason why users should have this ability. It would also be wise to prevent the installation of browser extensions for any users on your network devices (endpoints).

2. Behavior Analytics

Your organization should have a security solution that uses machine learning to build profiles of users and allows the admin to define what normal behavior is. This would allow the admin to be alerted to behavior that deviates from company policy or from the standard work process. Included here would be log analysis, email tracking, rules-based risk analysis, web activity tracking, and much more.
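As an added illustration of the baseline-and-deviation idea above (example code written for this post, not Teramind's or any product's logic), this Python script builds a per-user profile of web categories from a constructed proxy log, then flags visits that hit an admin-defined banned category (such as the anonymizer and gambling traffic described earlier) or that fall outside the user's own baseline. The log format and category names are assumptions.

```python
from collections import defaultdict
# Constructed sample web-proxy log (assumed format: timestamp user host category);
# it is made up for this example and is not from any real proxy product.
SAMPLE_LOG = """\
2017-06-01T09:02:11 alice intranet.example.local business
2017-06-01T11:03:05 bob crm.example.com business
2017-06-01T12:20:07 bob news.example.net news
2017-06-02T09:10:00 alice intranet.example.local business
2017-06-03T10:01:32 alice vpn-free.example.org anonymizer
2017-06-03T10:05:10 bob poker.example.org gambling
2017-06-03T10:09:45 alice news.example.net news
2017-06-03T10:12:00 bob crm.example.com business
"""

# Categories the admin defines as policy violations (assumed category names
# covering the anonymity tools and gambling the article mentions).
POLICY_BANNED = {"anonymizer", "gambling", "adult"}

def parse(log):
    """Split raw log text into event dicts; blank lines are skipped."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, user, host, cat = line.split()
            events.append({"ts": ts, "user": user, "host": host, "cat": cat})
    return events

def build_baseline(events, until):
    """Per-user set of categories seen before `until` (ISO timestamps sort lexically)."""
    baseline = defaultdict(set)
    for e in events:
        if e["ts"] < until:
            baseline[e["user"]].add(e["cat"])
    return baseline

def find_deviations(events, baseline, since):
    """Alert on banned categories, and on categories a user has never used before."""
    alerts = []
    for e in events:
        if e["ts"] < since:
            continue
        if e["cat"] in POLICY_BANNED:
            alerts.append((e["user"], e["host"], e["cat"], "policy-violation"))
        elif e["cat"] not in baseline[e["user"]]:
            alerts.append((e["user"], e["host"], e["cat"], "new-for-user"))
    return alerts

def run(log=SAMPLE_LOG, cutoff="2017-06-03"):
    events = parse(log)  # baseline on everything before cutoff, scan from cutoff on
    return find_deviations(events, build_baseline(events, cutoff), cutoff)
```

Bob's routine CRM visit on the third day produces no alert because it matches his baseline, which is the point of profiling: the admin hears about the deviations, not the noise.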

3. New and Old Recruits

New hires and people on their way out should be given more attention, as they are a higher risk for violating security and company policy. This is especially true for contractors and employees on their way out who may have a grudge against the company; they are more likely to engage in sabotage or leak data. These users should be restricted to the absolute minimum of what is needed to perform their jobs.

Employee bypass may be a problem, but insider threat can be contained with a strong security solution and vigilance about current insider behavior.

Isaac Kohen started his career in quantitative finance developing complex trading algorithms for a major Wall Street hedge fund. During his tenure at Wall Street and his subsequent experience securing highly sensitive data for large multi-national conglomerates, he identified the market need for a comprehensive insider threat and data loss prevention solution. And so, Teramind was born. Isaac is a well-recognized thought leader in the security industry with many of his articles published in Forbes, Inc, Tripwire, and CSO Online. Read more industry thought leadership articles on Isaac's LinkedIn.
